""ET TROJAN HawkEye Keylogger FTP""

SID: 2020410

Revision: 4

Class Type: trojan-activity

Metadata: created_at 2015_02_12, updated_at 2018_04_25

Reference:

  • md5

  • 85f3b302afa0989a91053af6092f3882

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 21

Flow: established,to_server

Contents:

  • Value: "STOR HawkEye"

Within:

PCRE: "/^(?:_|Keylogger)/Ri"

Special Options:

  • nocase

source