""ET TROJAN Tinba Banker CnC Response""
SID: 2024442
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2017_07_05, updated_at 2017_07_17
Reference:
-
md5
-
d360ee49950e7da3978379494667260c
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "|00 00 00 00 48 65 61 44|" Depth: 8
-
Value: "|00 00|"
Within: 5
PCRE:
Special Options:
-
file_data
-
fast_pattern