""ET TROJAN Win32/WhiskerSpy - FTP STOR Command M2""
SID: 2044256
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Client_and_Server, created_at 2023_02_20, deployment Perimeter, malware_family WhiskerSpy, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2023_02_20
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: [21,53]
Flow: established,to_server
Contents:
- Value: "STOR h"
Within:
PCRE: "/^[a-f0-9]{16}\x0d\x0a/R"
Special Options: