""ET TROJAN Taidoor Checkin""
SID: 2015808
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2012_10_17, updated_at 2012_10_17
Reference:
-
md5
-
f4b8b51b75f67e68d0c1a9639e2488c3
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: [$HTTP_PORTS,443]
Flow: established,to_server
Contents:
-
Value: "GET " Depth: 4
-
Value: ".php?id="
-
Value: "MSIE 6.0|3b|"
Within: 8
PCRE: "/^GET\s\/[a-z]{5}.php\?id=[A-Z0-9]{18}\sHTTP\/1.[0-1]\r\n/"
Special Options:
- fast_pattern