"ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 4"
SID: 2019601
Revision: 6
Class Type: trojan-activity
Metadata: created_at 2014_10_30, updated_at 2015_07_16
Reference:
- md5, 0c2cb38062e0fb6b040518a384418b7b
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: to_server,established
Contents:
- Value: "|28 28|" Depth: 2 Offset: 2
- Value: !"|28 28|"
- Value: "|28 28|"
- Value: !"|28 28|"
- Value: "|28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28|"
Within: 2
PCRE: "/[^\x28][^\x76\x74\x02\x03\x15\x54\x12\x13\x0a\x17\x14\x16\x04\x0b\x22][\x05\x09\x0b\x0e\x08\x06\x1a-\x1f\x10\x11\x18\x19\x40-\x47\x48-\x4f\x50-\x53\x55\x56\x58-\x5e\x60-\x68\x6a-\x6f\x70\x72\x76-\x7e]{1,14}\x28/R"
Special Options: