ET DNS Query for .su TLD (Soviet Union) Often Malware Related
Started noticing Suricata alerts based on this ET rule. Has anyone else been seeing this?
UDP traffic
(..5.?._X..............ns2.magicgenericmart.su..............W.".ns1...admin..w..@...X......u.....
Exploring tcpdump to pcap gives an indication that it still hits the cPanel host even though /etc/csf/csf.dyndns has the FQDN.
network.data.decoded | .............ns2.magicgenericmart.su..... |
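The decoded payload above is a DNS question for a name under the .su TLD, which is what the ET rule keys on. The following is an added example, not from the original post or from the ET ruleset: it builds a constructed DNS query packet for the name shown in the dump, parses the question section (with defensive handling of compression pointers, which a hostile packet could use to make a parser loop), and flags any QNAME whose TLD is on a watch list. Packet contents, the `WATCHED_TLDS` set and all function names are assumptions for the example.

```python
from __future__ import annotations
import struct

# Assumed watch list for the example; the ET rule on the page watches ".su".
WATCHED_TLDS = {"su"}


def encode_qname(name: str) -> bytes:
    """Encode a dotted hostname into DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_dns_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (header + one IN question). Constructed test data."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    return header + encode_qname(name) + struct.pack(">HH", qtype, 1)


def _read_name(payload: bytes, offset: int) -> tuple[str, int]:
    """Read a (possibly compressed) name; return (name, offset after the name)."""
    labels: list[str] = []
    jumped = False
    end = offset
    hops = 0
    while True:
        if offset >= len(payload):
            raise ValueError("truncated name")
        length = payload[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            if offset + 1 >= len(payload):
                raise ValueError("truncated pointer")
            pointer = struct.unpack(">H", payload[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            hops += 1
            if hops > 16:  # refuse pointer loops instead of spinning forever
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(payload[offset:offset + length].decode("ascii", errors="replace"))
        offset += length
    return ".".join(labels), end


def parse_dns_questions(payload: bytes) -> list[str]:
    """Return every QNAME in the question section of a DNS message."""
    if len(payload) < 12:
        raise ValueError("DNS payload too short for header")
    qdcount = struct.unpack(">H", payload[4:6])[0]
    offset = 12
    names = []
    for _ in range(qdcount):
        name, offset = _read_name(payload, offset)
        offset += 4  # skip QTYPE and QCLASS
        names.append(name)
    return names


def query_tld(name: str) -> str:
    """Last label of the name, lower-cased, trailing dot ignored."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def flag_queries(payload: bytes) -> list[str]:
    """QNAMEs in the payload whose TLD is on the watch list."""
    return [n for n in parse_dns_questions(payload) if query_tld(n) in WATCHED_TLDS]


if __name__ == "__main__":
    sample = build_dns_query("ns2.magicgenericmart.su")  # name from the dump above
    print(flag_queries(sample))
```

Running the same check over real UDP/53 payloads carved from the pcap would show whether queries for that name are still leaving the host, which is the question the post raises about the csf.dyndns entry.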