"ET TROJAN Win32.Bicololo Response 2"

SID: 2016948

Revision: 1

Class Type: trojan-activity

Metadata: created_at 2013_05_31, updated_at 2013_05_31

Reference:

  • md5: 691bd07048b09c73f0a979529a66f6e3

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: !80

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "|0d 0a|Set-Cookie|3a| ci_session="

  • Value: "|0d 0a 0d 0a|2|0d 0a|ok|0d 0a|0"

Within:

PCRE: "/^(\r\n)+?$/R"

Special Options:

  • fast_pattern
