"ET MALWARE Matanbuchus Loader CnC M4"
SID: 2034469
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2021_11_16, updated_at 2021_11_16
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: [$HTTP_PORTS,44413]
Flow: established,to_server
Contents:
-
Value: "POST|20|" Depth: 5
-
Value: ".php HTTP/1"
-
Value: "Content-Type|3a 20|application/x-www-form-urlencoded|0d 0a|"
-
Value: "|0d 0a 0d 0a|"
-
Value: "=eyIzbTd4Ijoi"
Within: 55
PCRE: "/(?:IiwiYXU1byI6I|IsImF1NW8iOi|iLCJhdTVvIjoi)/R"
Special Options:
- fast_pattern