# sid:2027506 - Win32/Plurox backdoor C2 check-in, matched on raw TCP payload bytes.
# Scope: established flows, client-to-server, $HOME_NET -> $EXTERNAL_NET, any source and destination port.
# Match logic, in option order:
#   1. content |aa 95 82 71| with depth:4 - must sit in the first 4 bytes of the inspected payload.
#   2. content |01 00 00 00 00 00 00 00| with distance:4; within:8 - positioned relative to the end of (1);
#      the 4 bytes skipped by distance are not inspected by this rule.
#   3. content |95 82 71 aa 95 82 71| with distance:0 - may occur at any offset after (2), and
#      isdataat:!1,relative requires that no byte follows it, i.e. it ends the inspected payload.
#      fast_pattern is written after isdataat; presumably it applies to this third content - confirm
#      against the engine's rule analysis output.
# Triage notes:
#   - There is no port or application-protocol constraint, so the verdict rests on these byte markers
#     alone; corroborate with host evidence (the process owning the connection, the md5 in the
#     reference) before treating an alert as confirmed.
#   - Only outbound traffic from $HOME_NET is covered; internal-to-internal traffic will not alert.
#   - The rule does not say what the matched fields mean in the protocol; see the Securelist reference.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Plurox Backdoor CnC? Checkin"; flow:established,to_server; content:"|aa 95 82 71|"; depth:4; content:"|01 00 00 00 00 00 00 00|"; distance:4; within:8; content:"|95 82 71 aa 95 82 71|"; distance:0; isdataat:!1,relative; fast_pattern; metadata: former_category TROJAN; reference:md5,c5b42399a6636de5014e2934ef08278f; reference:url,securelist.com/plurox-modular-backdoor/91213/; classtype:trojan-activity; sid:2027506; rev:2; metadata:created_at 2019_06_21, updated_at 2019_06_21;)

Added 2019-06-21 20:26:57 UTC

