""ET TROJAN Possible Siloscape IRC CnC JOIN Command Observed""

SID: 2033266

Revision: 2

Class Type: trojan-activity

Metadata: created_at 2021_07_07, updated_at 2021_07_07

Reference:

• Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 6666:7000

Flow: established,to_server

Contents:

• Value: "JOIN|20|#WindowsKubernetes" Depth: 23

Within:

PCRE:

Special Options:

source