"ET TROJAN Inbound MonetizeUs/LNKR Struct"
SID: 2029591
Revision: 2
Class Type: trojan-activity
Metadata: affected_product Web_Browsers, created_at 2020_03_09, malware_family LNKR, malware_family MonetizeUs, performance_impact Low, signature_severity Major, updated_at 2020_03_09
Reference: md5, 0866447a440f1e01a391ccb1c0ab150d
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
- Value: "200"
- Value: "|28|function" Depth: 50
- Value: "g=|22|"
- Value: "=|5b 22|mid=|22 2c 22|wid="
- Value: "|22|sid=|22 2c 22|tid="
- Value: "|22|rid="
- Value: "monetizationsConfig|3a|"
Within: 30
PCRE: "/^[a-f0-9]{18}\x22/R"
Special Options:
- http_stat_code
- file_data
- fast_pattern