""ET TROJAN Win32/Borr Stealer Variant Sending System Information""
SID: 2036595
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2022_05_16, deployment Perimeter, signature_severity Major, updated_at 2022_05_16, reviewed_at 2024_05_07
Reference:
-
md5
-
c7175f875b79020acc88eda29100e6d7
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 1024:
Flow: established,to_server
Contents:
-
Value: "Content-length|3a|"
-
Value: !"|20|"
-
Value: "UserId|3a|"
-
Value: !"|20|"
-
Value: "Crypto|3a|"
-
Value: !"|20|"
-
Value: "Passworld|3a|"
-
Value: !"|20|"
-
Value: "Cookies|3a|"
-
Value: !"|20|"
-
Value: "PK"
-
Value: "Processes.txt"
-
Value: "User Information.txt"
Within: 1
PCRE:
Special Options:
- fast_pattern