xNymia
commented
7 years ago Assuming you are talking about the signature for wannaCry, this is a 10 byte match for the start of a DNS request.
You can see the byte matches in for example wireshark, intercept a DNS request for example.com and look at the Byte pattern starting 2 bytes offset from the start of the DNS segment of the packet.
hello what is "content:"|01 00 00 01 00 00 00 00 00 00|" and where you find out?