--------------------------------------------------------------------------

1.   --------------------------------------------------------------------------
2.   Date: 9/27/2017 -- 13:05:54
3.   --------------------------------------------------------------------------
4.    Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
5.   -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
6.   1        30311        1        1        11063356     34.71  1291     1291     92022       8569.60     8569.60     0.00      
7.   2        3031         1        1        7308682      22.93  1291     84       88686       5661.26     9237.90     5412.34    
8.   3        30312        1        1        13505369     42.37  2674     1291     99846       5050.62     5403.75     4720.99    
9.  
10. alert dns $HOME_NET any -> any any (msg:"ETPRO TROJAN DNS Query to Cerber Domain (google . com)"; dns_query; content:"google.com"; isdataat:!1,relative; classtype:trojan-activity; sid:30311; rev:1;)
11.  
12. alert udp $HOME_NET any -> any 53 (msg:"ETPRO TROJAN DNS Query to Cerber Domain (google . com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|06|google|03|com|00|"; fast_pattern; distance:0; nocase; classtype:trojan-activity; sid:3031; rev:1;)
13.  
14. alert dns $HOME_NET any -> any any (msg:"ETPRO TROJAN DNS Query to Cerber Domain (google . com)"; content:"|06|google|03|com|00|"; fast_pattern; nocase; dns_query; content:"google.com"; isdataat:!1,relative; classtype:trojan-activity; sid:30312; rev:1;)