""ET TROJAN ELF/muBoT IRC Activity 7 (bindshell)""

SID: 2022190

Revision: 1

Class Type: trojan-activity

Metadata: created_at 2015_11_26, updated_at 2015_11_26

Reference:

• Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: any

Flow: established,from_server

Contents:

• Value: "|0a c2 84 c2 9f|muBoT|c2 84 c2 9f|REMOTE|c2 84 c2 9f|SHELL"

Within:

PCRE:

Special Options:

source