""ET CURRENT_EVENTS Spelevo EK Landing M3""
SID: 2027074
Revision: 2
Class Type: attempted-user
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2019_03_11, malware_family Spleevo_EK, performance_impact Moderate, signature_severity Major, updated_at 2019_03_11
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: from_server,established
Contents:
-
Value: "|427364576470626b526c6447566a64|"
-
Value: "-=8))%256)|3b|}"
-
Value: "+=72){"
-
Value: "[0] < 21) return false|3b|"
-
Value: ",[0] > 31) return false|3b|"
-
Value: "[0] == 31 &&"
-
Value: "[3] > 153) return false|3b|"
-
Value: "flash"
Within:
PCRE:
Special Options:
-
file_data
-
nocase