"ET TROJAN Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND"
SID: 2018886
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2014_08_04, updated_at 2020_11_10
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "System Idle Process"
-
Value: "|49 6d 61 67 65 20 4e 61 6d 65|"
-
Value: "|50 49 44 20 53 65 73 73 69 6f 6e 20 4e 61 6d 65|"
-
Value: "|53 65 73 73 69 6f 6e 23|"
-
Value: "|4d 65 6d 20 55 73 61 67 65|"
-
Value: "svchost.exe"
-
Value: "winlogon.exe"
Within:
PCRE:
Special Options:
- fast_pattern