""ET TROJAN Win32/Kelihos.F Checkin""

SID: 2021947

Revision: 3

Class Type: trojan-activity

Metadata: created_at 2015_10_13, updated_at 2015_10_13

Reference:

• md5

• dadee91e0b82fc91a25a66b61bb2f2dc

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 80

Flow: to_server,established

Contents:

• Value: "|6c 55 55 45 03 10 48 40|" Depth: 8 Offset: 4

Within:

PCRE:

Special Options:

source