"ET TROJAN njrat ver 0.7d Malware CnC Callback (Capture)"
SID: 2019214
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2014_09_23, updated_at 2015_11_11
Reference:
- md5: bbc68c34bb2dac3ae382ecf785bdb441
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: any
Destination Port: any
Flow: established
Contents:
- Value: !"GET|20|"
- Value: "|FF D8 FF E0 00 10 4A 46 49 46|"
- Value: "|00|CAP|7c 27 7c 27 7c|"
Within:
PCRE: "/^\d{1,6}\x00cap\x7c/i"
Special Options:
- nocase
- fast_pattern