""ET TROJAN SUSPICIOUS IRC - NICK and Win""

SID: 2017322

Revision: 4

Class Type: bad-unknown

Metadata: created_at 2013_08_13, updated_at 2013_08_14

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: any

Flow: established,to_server

Contents:

• Value: "NICK " Depth: 5

Within:

PCRE: "/^[^\r\n]*win/Ri"

Special Options:

source