"ET TROJAN Win32/Enosch.A gtalk connectivity check"
SID: 2018508
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2014_05_30, updated_at 2014_06_09
Reference:
- md5, b13db8b21289971b3c88866d202fad49
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: to_server
Contents:
- Value: "/index.html"
- Value: "User-Agent|3A 20|gtalk|0d 0a|" Depth: 19
Within:
PCRE: "/^User-Agent\x3a\x20gtalk\r\nHost\x3a\x20www.google.com\r\n(?:\r\n)?$/H"
Special Options:
- http_uri
- http_header