"ET TROJAN W32/Woai.Dropper Config Request"
SID: 2018102
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2014_02_10, updated_at 2022_03_24
Reference: md5, 0425a66e3b268ef8cbdd481d8e44b227
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "/client/config.ini"
- Value: "|3B 29 0D 0A|"
Within:
PCRE: "/User\x2DAgent\x3A\x20[^\r\n]MSIE[^\r\n]\x3B\x29\x0D\x0A/H"
Special Options:
- http_uri
- http_header