""ET TROJAN ELF/BASHLITE CnC Activity (Response)""
SID: 2032080
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2021_03_16, updated_at 2023_04_05, reviewed_at 2023_12_11
Reference:
-
md5
-
d76cebc82c79b9d7c56bced94c03c9e8
Protocol: tcp
Source Network: any
Source Port: 666
Destination Network: any
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|21 20|DUP"
-
Value: "epoll_"
Within:
PCRE:
Special Options:
- fast_pattern