""ET INFO PNG image exfiltration over raw TCP""
SID: 2035476
Revision: 3
Class Type: misc-activity
Metadata: attack_target Client_Endpoint, created_at 2022_03_16, deployment Perimeter, signature_severity Informational, updated_at 2022_05_23
Reference:
-
md5
-
a271e5179f0a98a295736bd7a41a39fc
Protocol: tcp
Source Network: $HOME_NET
Source Port: ![80,8080]
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
- Value: "|89|PNG|0d 0a 1a 0a 00 00 00 0d|IHDR|00 00|" Depth: 18
Within:
PCRE:
Special Options: