alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Blacknix CnC? Checkin"; flow:to_server,established; dsize:200<>300; content:"|32|"; depth:1; content:"|7c 78 01|"; distance:2; within:3; pcre:"/^[0-9]{3}\x7cx/"; metadata: former_category TROJAN; reference:md5,b4e95d3ec39cf8c7347ca1c64cfed631; classtype:trojan-activity; sid:2027731; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Blacknix, signature_severity Major, created_at 2019_07_19, updated_at 2019_07_19;)

Added 2019-07-19 18:58:54 UTC


Topic revision: r1 - 2019-07-19 - TWikiGuest
 
Copyright © Emerging Threats