""ET TROJAN W32/Downloader Secondary Download Request - W32/Hupigon.Backdoor Likely Secondary Payload""

SID: 2016208

Revision: 2

Class Type: trojan-activity

Metadata: created_at 2013_01_15, updated_at 2013_01_15

Reference:

• Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "/pir/bfg.php?dll="

Within:

PCRE:

Special Options:

• http_uri

source