""ET TROJAN Backdoor.Win32/PcClient.AA Checkin""
SID: 2019201
Revision: 10
Class Type: trojan-activity
Metadata: created_at 2014_01_31, former_category MALWARE, updated_at 2022_05_03
Reference:
-
md5
-
33439543cae709aa7efa58f94e4b2a62
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: to_server,established
Contents:
-
Value: "POST /2015" Depth: 10
-
Value: "Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 5.2|3b| .NET CLR 1.1.4322|3b| .NET CLR 2.0.50727|3b| InfoPath.1|29 0d 0a|"
Within:
PCRE: "/^\d+?\/(?:\d+?\/-?\d+?.(?:php|jsp))? HTTP/Ri"
Special Options:
- fast_pattern