""ET TROJAN Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated)""
SID: 2008327
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2010_07_30, updated_at 2010_07_30, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 1024:
Flow: established,to_server
Contents:
- Value: "C|00|o|00|n|00|g|00|r|00|a|00|t|00|u|00|l|00|a|00|t|00|i|00|o|00|n|00|s|00|!|00| |00|P|00|e|00|r|00|f|00|e|00|c|00|t|00| |00|K|00|e|00|l|00|o|00|g|00|g|00|e|00|r|00| |00|w|00|a|00|s|00| |00|s|00|u|00|c|00|c|00|e|00|s|00|s|00|f|00|u|00|l|00|l|00|y|00| |00|i|00|n|00|s|00|t|00|a|00|l|00|l|00|e|00|d|00|"
Within:
PCRE:
Special Options: