""ET TROJAN KilerRAT CnC - Remote Shell""

SID: 2022068

Revision: 2

Class Type: trojan-activity

Metadata: created_at 2015_11_11, updated_at 2015_11_11

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: any

Flow: from_server,established

Contents:

• Value: "rs|7c 4b 69 6c 65 72 7c|"

Within:

PCRE: "/\x7c(?:[A-Za-z0-9/+]{4})*(?:[A-Za-z0-9/+]{2}==|[A-Za-z0-9/+]{3}=|[A-Za-z0-9/+]{4})$/"

Special Options:

source