"ET TROJAN Win32/Protux.B POST checkin"

SID: 2014360

Revision: 3

Class Type: trojan-activity

Metadata: created_at 2012_03_10, updated_at 2012_03_27

Reference:

  • md5: 53105ecf3cf6040039e16abb382fb836

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: [$HTTP_PORTS,443]

Flow: from_client,established

Contents:

  • Value: "POST"

  • Value: "Mozilla/4.8.20 (compatible|3B| MSIE 5.0.2|3B| Win32)|0D 0A|Host|3a| "

Within:

PCRE:

Special Options:

  • nocase

  • http_method

  • http_header
