"ET TROJAN Upatre Common URI Struct July 15 2014"
SID: 2018678
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2014_07_15, updated_at 2014_07_15
Reference:
- md5, 79772d72082a082a0048569ba2dfe5a3
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "/0/"
- Value: "Service Pack "
- Value: !"Referer|3a|"
Within: 13
PCRE: "/\/0\/$/U"
Special Options:
- http_uri
- http_uri
- http_header