"ET TROJAN MAGICHOUND.MPK Activity via IRC"
SID: 2023940
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2015_10_14, updated_at 2023_03_24
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 6666:7000
Flow: established,to_server
Contents:
-
Value: "PRIVMSG mpk|20 3a|"
-
Value: "!MpkPing|20|<
>"
-
Value: "<
>|20|< >"
-
Value: "<
>"
Within:
PCRE: "/^\d/R"
Special Options:
- fast_pattern