""ET TROJAN HighTide trojan Checkin""

SID: 2019113

Revision: 1

Class Type: trojan-activity

Metadata: created_at 2014_09_04, updated_at 2014_09_04

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "GET"

  • Value: "/?" Depth: 2

  • Value: "Trident/5.0|29 0d 0a|"

  • Value: "Referer|3A| http|3A|//www.google.com/|0D 0A|"

Within:

PCRE: "/^\/\?\d(?:[A-Za-z0-9~]{4})*(?:[A-Za-z0-9~]{2}--|[A-Za-z0-9~]{3}-|[A-Za-z0-9~]{4})$/U"

Special Options:

  • http_method

  • http_uri

  • fast_pattern

  • http_header

  • http_header

source