"ET TROJAN Bozok.RAT checkin"
SID: 2018325
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2014_03_26, updated_at 2014_03_27
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 80
Flow: to_server
Contents:
-
Value: "|00 00 00|" Depth: 4 Offset: 1
-
Value: "|00 7C 00|"
-
Value: "|00 7C 00|"
-
Value: "|00 7C 00|"
-
Value: "|00 7C 00|"
-
Value: "|00 7C 00|"
-
Value: "|00 7C 00|0|00 7c 00|2|00|"
Within: 32
PCRE:
Special Options: