""ET TROJAN PRISM Backdoor""
SID: 2017314
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2013_08_12, updated_at 2014_08_12
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow:
Contents:
- Value: "PRISM v"
Within:
PCRE: "/^\d+?.\d+?\sstarted/R"
Special Options: