""ET TROJAN Win32/Kryptik.BSYO Checkin""

SID: 2018205

Revision: 4

Class Type: trojan-activity

Metadata: created_at 2014_03_04, updated_at 2014_03_04

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "/log?"

  • Value: "|7c|aid="

  • Value: "|7c|version="

  • Value: "|7c|id="

  • Value: "|7c|os="

Within:

PCRE: "/\/log\?(start|install)\x7caid=/U"

Special Options:

  • http_uri

  • http_uri

  • http_uri

  • http_uri

  • http_uri

source