""ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 5""
SID: 2020215
Revision: 6
Class Type: trojan-activity
Metadata: created_at 2015_01_20, updated_at 2022_03_28
Reference:
-
md5
-
05054afcfc6a651a057e47cd0f013c7b
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: [!5800,!445]
Flow: to_server,established
Contents:
-
Value: "|15 15|" Depth: 2 Offset: 2
-
Value: !"|15 15|"
-
Value: "|15 15|"
-
Value: !"|15 15|"
-
Value: "|15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15|"
Within: 2
PCRE: "/[^\x15][^\x49\x3f\x3e\x28\x69\x2f\x2e\x37\x2a\x29\x2b\x39\x36][\x20-\x27\x2c\x2d\x30\x31\x33-\x36\x38\x3b-\x3d\x40-\x47\x4a-\x4d\x4f\x50-\x5f\x60\x68\x6b-\x6f\x70-\x74\x76-\x7f]{1,14}\x15/R"
Special Options:
- fast_pattern