""ET TROJAN Win32/HunterStealer/AlfonsoStealer/PhoenixStealer CnC Exfil""

SID: 2031198

Revision: 1

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2020_11_11, deployment Perimeter, malware_family HunterStealer, malware_family AlfonsoStealer, malware_family PhoenixStealer, signature_severity Major, updated_at 2020_11_11

Reference:

• md5

• 490f0cff27a1cff0aead0ca3864e15d6

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 1024:

Flow: established,to_server

Contents:

• Value: "|50 4b 03 04 14 00|" Depth: 6

• Value: "Desktop.png"

Within:

PCRE:

Special Options:

• fast_pattern

source