""ET TROJAN PlugX Checkin""
SID: 2017714
Revision: 5
Class Type: trojan-activity
Metadata: created_at 2013_11_14, updated_at 2014_04_16
Reference:
-
md5
-
17f9f999e1814b99601446f8ce7eb816
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: to_server,established
Contents:
-
Value: "POST " Depth: 5
-
Value: "|0d 0a|Accept|3a 20 2a 2f 2a 0d 0a|"
-
Value: "1|3a 20|0|0d 0a|"
-
Value: !"Referer"
Within: 6
PCRE: "/^[A-Z]{4}/R"
Special Options:
- fast_pattern