""ET TROJAN FrameworkPOS CnC Server Reporting IP Address To Agent""
SID: 2022552
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2016_02_22, updated_at 2016_02_22
Reference:
- md5, 591e820591e10500fe939d6bd50e6776
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
- Value: "==" Depth: 2
- Value: "=="
- Value: "==" Depth: 2
Within: 17
PCRE: "/^(?:(?:[0-9]{1,3}.){3}[0-9]{1,3})(?:={2})/R"
Special Options:
- file_data
- fast_pattern
- file_data