""ET TROJAN SWORD Sending Sword Marker""
SID: 2016445
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2013_02_20, updated_at 2022_03_22
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 443
Flow: established,to_server
Contents:
- Value: "|20 20 20 20 2f 2a 0a 40 2a 2a 2a 40 2a 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40|"
Within:
PCRE:
Special Options:
- fast_pattern