""ET USER_AGENTS Win32/FakeAV InternetSecurityGuard User-Agent""
SID: 2045158
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2023_04_24, confidence High, updated_at 2023_04_24
Reference:
-
md5
-
054139bbb3748d0b8d393ab438e3a050
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: any
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "User-Agent|3a 20|"
-
Value: "@internetsecurityguard|0d 0a|"
Within:
PCRE:
Special Options:
- fast_pattern