# Suspected Win32/Blacknix C2 heartbeat from an internal host to an external server.
# The "?" in msg suggests the C2 attribution was tentative when the rule was written.
#
# All of the following must hold on a single client-to-server packet of an
# established TCP flow (source and destination ports are both "any"):
#   - dsize:15            payload is exactly 15 bytes. dsize is evaluated per packet,
#                         so a heartbeat split or coalesced across TCP segments
#                         will not match.
#   - content |7c 78 01|  with offset:2, depth:3: payload bytes 2-4 are "|", "x", 0x01.
#   - pcre                anchored at payload start: two ASCII digits followed by "|x"
#                         (overlaps the first two bytes of the content match).
#
# threshold type both, track by_src, count 5, seconds 60: a source must match
# 5 times within 60 seconds before an alert is raised, and at most one alert is
# raised per source per 60-second window. Isolated matching packets stay silent.
#
# Triage note: the fixed byte pattern is only 3 bytes and no port is constrained,
# so the signature leans on dsize, the digit prefix and the threshold for fidelity.
# Corroborate alerts with endpoint evidence (e.g. the sample hash in reference:md5)
# before treating a host as compromised.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Blacknix CnC? Heartbeat"; flow:to_server,established; dsize:15; content:"|7c 78 01|"; offset:2; depth:3; pcre:"/^[0-9]{2}\x7cx/"; threshold: type both, track by_src, count 5, seconds 60; metadata: former_category TROJAN; reference:md5,b4e95d3ec39cf8c7347ca1c64cfed631; classtype:trojan-activity; sid:2027732; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Blacknix, signature_severity Major, created_at 2019_07_19, updated_at 2019_07_19;)

Added 2019-07-19 18:58:54 UTC


Topic revision: r1 - 2019-07-19 - TWikiGuest
 