"ET TROJAN Potential Sefnit C2 traffic (from server)"

SID: 2018449

Revision: 8

Class Type: trojan-activity

Metadata: created_at 2014_05_05, updated_at 2016_12_12

Reference:

Protocol: tcp

Source Network: any

Source Port: 443

Destination Network: any

Destination Port: any

Flow: from_server,established

Contents:

  • Value: "SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1"

Within:

PCRE:

Special Options:
