"ET TROJAN W32/Mentory CnC Server Providing Update Details"
SID: 2014166
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2012_01_28, updated_at 2012_01_28
Reference: md5, 6724bb601611dcc0140960c59c7b3393
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
- Value: "[UPDATE]|0D 0A|VER ="
- Value: "URL ="
- Value: "[PATTERN]|0D 0A|VER ="
- Value: "URL ="
  Within: 15
PCRE:
Special Options:
- file_data