"ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND)"
SID: 2019204
Revision: 11
Class Type: trojan-activity
Metadata: created_at 2014_09_22, updated_at 2021_08_02
Reference:
- md5, 16549f8a09fd5724f2107a8f18dca10b
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: ![445,139]
Flow: to_server,established
Contents:
- Value: "|18 18|" Depth: 2 Offset: 2
- Value: !"|18 18|"
- Value: "|18 18|"
- Value: !"|18 18|"
- Value: "|18 18 18 18 18 18 18 18 18 18 18 18 18 18 18 18 18 18 18 18|" Within: 2
PCRE: "/[^\x18][^\x44\x32\x33\x25\x64\x22\x23\x3a\x27\x24\x26\x34\x3b\x12][\x20\x21\x28-\x2f\x70-\x77\x79-\x7f\x60-\x63\x65\x66\x67-\x6f\x50-\x5f\x40-\x42\x46-\x4f\x30\x31\x35\x36\x38\x3e\x39\x3b]{1,14}\x18/R"
Special Options: