"ET TROJAN Win32.Sluegot.A Checkin WEBC2-YAHOO APT1 Related"
SID: 2016461
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2011_06_28, updated_at 2022_05_03
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "User-Agent|3a| IPHONE"
Within:
PCRE: "/User-Agent\x3a\sIPHONE\d+\x2e\d+\x28(host\x3a|[^\r\n\x2c]+\x2c(\d{1,3}.){3}\d{1,3})/Hi"
Special Options:
- http_header