""ET TROJAN Fake/Short Google Search Appliance UA Win32/Ranbyus and Others""
SID: 2017937
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2014_01_08, updated_at 2014_01_08
Reference:
- md5: c07a6035e9c7fed2467afab1a9dbcf40
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "User-Agent|3a 20|gsa-crawler|0d 0a|"
Within:
PCRE:
Special Options:
- nocase
- http_header