"ET TROJAN Linux.Mumblehard Command Status CnC"

SID: 2021052

Revision: 3

Class Type: trojan-activity

Metadata: created_at 2015_05_04, updated_at 2015_05_14

Reference:

  • md5: 86f0b0b74fe8b95b163a1b31d76f7917

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "GET"

  • Value: "User-Agent|3a 20|Mozilla/5.0 (Windows NT 6.1|3b| rv|3a|7.0.1) Gecko/"

Within:

PCRE: "/^Host\x3a (?:\d{1,3}.){3}\d{1,3}\r\nUser-Agent\x3a[^\r\n]+?\r\nAccept\x3a[^\r\n]+?\r\nAccept-Language\x3a[^\r\n]+?\r\nAccept-Encoding\x3a[^\r\n]+?\r\nAccept-Charset\x3a[^\r\n]+?\r\nConnection\x3a close(?:\r\n)*$/Hi"

Special Options:

  • http_method
