SID: 2035474

Revision: 2

Class Type: trojan-activity

Metadata: attack_target Client_Endpoint, created_at 2022_03_16, deployment Perimeter, malware_family SideCopy, signature_severity Major, updated_at 2022_03_16

Reference:

  • md5: ae29fbacb0a0aba4b8f82924551fae4d

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: [!80,!443,!25,!22,!110]

Flow: established,to_server

Contents:

  • Value: "|31 36 00 2b 9c 02 0d 6e 46 11 42 7e e5 8f 99 94 1d fe 24|"

Within:

PCRE:

Special Options:

  • fast_pattern
