""ET TROJAN Cryptojoker Checkin""
SID: 2022333
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2016_01_06, updated_at 2016_01_06
Reference:
-
md5
-
bca6c1fa9b9a8bf60eecbd91e08d1323
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
-
Value: "GET"
-
Value: ".php?info="
-
Value: "|3a 3a|"
-
Value: "|4f 4e 4c 25 35 43 6e|"
-
Value: !"Accept"
-
Value: !"Referer|3a|"
-
Value: !"User-Agent|3a 20|"
Within:
PCRE: "/\x4f\x4e\x4c\x25\x35\x43\x6e$/I"
Special Options:
-
http_method
-
fast_pattern
-
http_uri
-
http_uri
-
http_raw_uri
-
http_header
-
http_header
-
http_header