""ET TROJAN Worm.Win32.Ngrbot.lof Join IRC channel""
SID: 2016849
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2013_05_14, updated_at 2014_12_30
Reference:
-
md5
-
dd05fcd2368d8d410a5b85e8d504a435
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: to_server,established
Contents:
- Value: "NICK New|7B|"
Within:
PCRE: "/^\S{2,3}\x2d(XP|2K3|VIS|2K8|W7|ERR)\w?\x2d\w+?\x7D\w+?\r\n?/Ri"
Special Options:
- nocase