"ET TROJAN Infostealer.Banprox Proxy.pac Download 3"

SID: 2019191

Revision: 12

Class Type: trojan-activity

Metadata: created_at 2014_09_18, updated_at 2014_09_18

Reference:

  • md5: 6f2dc4ba05774f3e5ebf6c502db48a71

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: from_server,established

Contents:

  • Value: "FindProxyForURL"

  • Value: "return |22|PROXY"

Within:

PCRE: "/^[^\x3b]+\x(?:[57][0-9a]|4[0-9a-f]|6[1-9a-f]|3[0-9])/Ri"

Special Options:

  • file_data

  • fast_pattern
