""ET TROJAN Win32.Glupteba/ClIEcker CnC Checkin""
SID: 2013293
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2011_07_19, updated_at 2018_02_07
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "&downlink=" Depth: 100 Offset: 4
-
Value: "&uplink="
-
Value: "&id="
-
Value: "&statpass="
-
Value: "&version="
-
Value: "&features="
-
Value: "&guid="
-
Value: "&comment="
Within:
PCRE:
Special Options:
- fast_pattern