""ET TROJAN ZeroAccess Outbound udp traffic detected""
SID: 2015482
Revision: 8
Class Type: trojan-activity
Metadata: created_at 2012_07_17, updated_at 2013_09_19
Reference:
Protocol: udp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow:
Contents:
- Value: "|28 94 8d ab c9 c0 d1 99|" Depth: 8 Offset: 4
Within:
PCRE:
Special Options: