""ET TROJAN Win32.ServStart.D Checkin""
SID: 2036415
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2016_03_15, updated_at 2016_03_15
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: to_server,established
Contents:
-
Value: "Win|20|"
-
Value: "MB|00|"
-
Value: "MHz|00|"
-
Value: "|20|Mbps|00|"
Within:
PCRE: "/^(:?[78]|XP)/Ri"
Special Options: