"ET TROJAN Machete FTP activity"

SID: 2018980

Revision: 1

Class Type: trojan-activity

Metadata: created_at 2014_08_22, updated_at 2014_08_22

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 21

Flow: established,to_server

Contents:

  • Value: "CWD |2e 2e 2f|KeyLog_History" Depth: 21

Within:

PCRE:

Special Options:
