"ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 2"
SID: 2019202
Revision: 4
Class Type: trojan-activity
Metadata: created_at 2014_09_22, updated_at 2018_08_28
Reference: md5,00ccc1f7741bb31b6022c6f319c921ee
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: !139
Flow: to_server,established
Contents:
- Value: "|12 12|" Depth: 2 Offset: 2
- Value: !"|12 12|"
- Value: "|12 12|"
- Value: !"|12 12|"
- Value: "|12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12|"
Within: 2
PCRE: "/[^\x12][^\x4e\x38\x39\x2f\x6e\x28\x29\x30\x2d\x2e\x2c\x3e\x31\x18][\x40-\x48\x4a-\x4d\x31-\x34\x3a-\x3c\x3f\x50-\x5f\x60-\x6c\x6f\x73-\x7f\x70\x71\x20-\x27\x2a\x2b]{1,14}\x12/R"
Special Options: