""ET TROJAN Ransom.Win32.Birele.gsg Checkin""
SID: 2015786
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2012_10_10, updated_at 2022_05_03
Reference:
-
md5
-
0ea9b34e9d77b5a4ef5170406ed1aaed
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: ".html"
-
Value: "From|3a| " Depth: 6
-
Value: "Via|3a| "
-
Value: !"1|2e|"
-
Value: !"User-Agent|3a| "
Within: 2
PCRE: "/^From\x3a \d+?\r\n/Hmi"
Special Options:
-
http_uri
-
http_header
-
http_header
-
http_header
-
http_header