"ET TROJAN W32/AGENT.NXNX Checkin 2"

SID: 2020303

Revision: 2

Class Type: trojan-activity

Metadata: created_at 2015_01_23, updated_at 2015_01_23

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "D|3a 00 00 00|" Depth: 13 Offset: 7

Within:

PCRE: "/^\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}D\x3a\x00+?$/"

Special Options:
