""ET TROJAN IP Scanner Tool Update Request (GET)""
SID: 2054452
Revision: 3
Class Type: network-scan
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_07_11, deployment Perimeter, confidence High, signature_severity Informational, tag Scanning, updated_at 2024_07_12
Reference:
-
md5
-
58889f7eaacabd6d582490d0052c738b
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "GET"
-
Value: "|2f|checkupdate|2e|php|3f|lng|3d|" Depth: 21
-
Value: "&ver="
-
Value: "&type="
-
Value: "&rmode="
-
Value: "&product="
-
Value: !"Referer|3a 20|"
Within:
PCRE:
Special Options:
-
http_method
-
http_uri
-
fast_pattern
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_header