""ET TROJAN Win32/Virut.BN Checkin""
SID: 2012533
Revision: 6
Class Type: trojan-activity
Metadata: created_at 2011_03_21, updated_at 2012_03_20
Reference:
-
md5
-
199d9ea754f193194e251415a2f6dd46
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "GET " Depth: 4
-
Value: "list.php?c="
-
Value: "&v="
-
Value: "&t="
Within: 32
PCRE: "/c\x3d[0-9A-F]{100}/i"
Special Options:
- nocase