""ET TROJAN Dyreza RAT Fake Server Header""
SID: 2018775
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2014_07_25, updated_at 2014_08_26
Reference:
-
md5
-
7e3e28320d209a586917668e3b8eac40
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "HTTP/1." Depth: 7
-
Value: "Server|3A| Stalin"
Within:
PCRE:
Special Options: