""ET TROJAN Silent Miner Changelog Checkin""

SID: 2022034

Revision: 1

Class Type: trojan-activity

Metadata: created_at 2015_11_04, updated_at 2015_11_04

Reference:

  • md5

  • 2d51e11a38b7fd448cd0b1d319915e44

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

  • Value: "200"

  • Value: "Content-Type|3a 20|text/plain"

  • Value: "Changelog v" Depth: 11

  • Value: "-Added startup folder"

  • Value: "-Changed AutoUpdate Mode"

  • Value: "|7c 7c|----------------"

  • Value: "-Fixed startup .exe without name bug"

  • Value: "-Changed files hosting"

  • Value: "- Added CPU Threads"

Within:

PCRE:

Special Options:

  • http_stat_code

  • http_header

  • file_data

  • fast_pattern

source