""ET TROJAN Generic Request to gate.php Dotted-Quad""
SID: 2022986
Revision: 2
Class Type: trojan-activity
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2016_07_26, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2019_06_13
Reference:
-
md5
-
0680ff9251b686e9025b36c577163f01
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "/gate.php"
Within:
PCRE: "/Host\x3a\x20\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}(?:\x3a\d{1,5})?\r?\n/H"
Special Options:
-
nocase
-
http_uri