Hacking Team Galileo client

Anyone look on their or their clients’ networks for this with Bro? I’m particularly interested if it is easy to find past indicators in Bro logs.

"They have moderately sophisticated hiding mechanisms, including both rootkits and UEFI persistence, but this is let down by a very obvious and noisy network signature. Obviously Hacking Team assume that their targets will not be looking at the network traffic emanating from their computers, but would be disconcerted to see 'agent.exe' appear in their Task Managers."

http://arstechnica.com/security/2015/07/hacking-team-may-not-have-had-a-backdoor-but-it-could-kill-client-installs/