""ET TROJAN Win32/Agent.Fish Data Exfiltration""
SID: 2036959
Revision: 1
Class Type: trojan-activity
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2022_06_10, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2022_06_10
Reference:
-
md5
-
0768fd9a6c0344944a223b28eedff41f
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
- Value: "POST /data/collect HTTP/1.1"
Offset: 0
-
Value: "HOST|3a 20|"
-
Value: "User-Agent|3a 20|data-collect"
-
Value: "|22|HostName|22 3a 22|"
-
Value: "|22|UserName|22 3a 22|"
-
Value: "|22|AdapterDescription|22 3a 22|"
-
Value: "|22|DhcpEnabled|22|"
-
Value: "|22|IpAddresses|22 3a|"
-
Value: !"Referer|3a 20|"
Within:
PCRE:
Special Options:
- fast_pattern