"ET TROJAN PingPull ICMP Activity (Outbound)"
SID: 2036967
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2022_06_13, deployment Perimeter, malware_family Gallium, signature_severity Major, updated_at 2022_06_13
Reference:
- md5, b4dd22013aefae6f721f0b67be61dc91
Protocol: icmp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow:
Contents:
- Value: "|03 41 40 7e 04 37 24 70|R" Depth: 9
- Value: "total="
- Value: "current="
Within:
PCRE:
Special Options:
- fast_pattern