""ET TROJAN DLoader File Download Request Activity""
SID: 2013045
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2011_06_16, updated_at 2011_06_16
Reference:
-
md5
-
7af2097d75869aa5aa656cd6e523c8b3
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "/load.php?file="
Within:
PCRE: "/\/load.php\?file=(\d+|(\w+)?grabber(s)?|uploader)(&luck=\d)?$/U"
Special Options:
- http_uri