""ET TROJAN Win32/Kryptik.BSYO Checkin""
SID: 2018205
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2014_03_04, updated_at 2014_03_04
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
- Value: "/log?"
- Value: "|7c|aid="
- Value: "|7c|version="
- Value: "|7c|id="
- Value: "|7c|os="
Within:
PCRE: "/\/log\?(start|install)\x7caid=/U"
Special Options:
- http_uri
- http_uri
- http_uri
- http_uri
- http_uri