"ET TROJAN FakeAV.dfze/FakeAV!IK Checkin"
SID: 2014409
Revision: 9
Class Type: trojan-activity
Metadata: created_at 2012_03_22, performance_impact Significant, updated_at 2024_04_08
Reference: md5,fe1e735ec10fb8836691fe2f2ac7ea44
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "GET"
- Value: "= HTTP/1.1|0D 0A|Host|3a| "
- Value: !"User-Agent|3a| "
- Value: "|0D 0A|Cache-Control|3a| no-cache|0D 0A 0D 0A|"
- Value: !"pandora.com"
- Value: !"wordpress.com"
Within:
PCRE: "/^\/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/U"
Special Options:
- http_method
- http_header
- http_header
- http_header