""ET TROJAN Blackshades Payload Download Command""
SID: 2014101
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2012_01_05, updated_at 2012_01_06
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "x74|0C|64|0C|" Depth: 7
-
Value: "x49|0C|"
Within:
PCRE:
Special Options: