""ET TROJAN Mac Trojan HTTP Checkin (accept-language violation)""
SID: 2007650
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2010_07_30, former_category MALWARE, updated_at 2020_09_10
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "GET " Depth: 4
-
Value: " HTTP/1.1|0d 0a|Accept-Language|3a| "
Within:
PCRE: "/Accept-Language\: [a-zA-Z0-9]{20}/"
Special Options: