"ET TROJAN Win32/Injector.DSQR CnC Activity (POST)"
SID: 2034936
Revision: 2
Class Type: attempted-admin
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_01_18, deployment Perimeter, signature_severity Major, updated_at 2022_01_18, reviewed_at 2024_06_26
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "POST"
-
Value: "CallGetResponse:"
-
Value: !"Referer"
-
Value: "data|3d 7b 22|msg|22 3a 22|DataRecivied|2d 3e 7b 5c 22|message|5c 22 3a 5c 22|JSON.parse|5c|" Depth: 53
Within:
PCRE: "/^User-Agent\x3a\x20dBrowser\x20\d\x20CallGetResponse\x3a\d/Hmi"
Special Options:
-
http_method
-
http_header
-
http_header
-
fast_pattern
-
http_client_body