""ET TROJAN HailBot Server Response""
SID: 2050065
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Networking_Equipment, created_at 2024_01_12, deployment Perimeter, malware_family Mirai, malware_family hailBot, confidence Medium, signature_severity Major, updated_at 2024_01_12
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
- Value: "|57 48 4f 20 54 48 45 20 48 45 4c 4c 20 41 52 45 20 59 4f 55 3f 20 54 45 4c 4c 20 4d 45 20 59 4f 55 52 20 4e 41 4d 45 21 20|"
Within:
PCRE:
Special Options: