""ET TROJAN Possible WEBC2-GREENCAT Response - Embedded CnC APT1 Related""
SID: 2016455
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2013_02_22, updated_at 2014_08_13
Reference:
-
md5
-
b5e9ce72771217680efaeecfafe3da3f
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
- Value: "<!--|0d 0a|<img border="
Within:
PCRE: "/^[0-4]\s*src=\x22[^\x22]+\x22\swidth=\d+\sheight=\d+>\r\n-->/R"
Special Options:
- file_data