"ET TROJAN Win32/Eternity Stealer Activity (POST)"

SID: 2042517

Revision: 1

Class Type: trojan-activity

Metadata: attack_target Client_Endpoint, created_at 2022_12_08, deployment Perimeter, malware_family Eternity_Stealer, confidence Medium, signature_severity Major, updated_at 2023_09_25

Reference:

  • md5: 2ce3d4b143ae185de225071f73a62cfb

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: 1024:

Flow: established,to_server

Contents:

  • Value: "POST"

  • Value: "?u="

  • Value: "&p="

  • Value: "&i="

  • Value: "&co="

  • Value: "&ci="

  • Value: "&t="

  • Value: "Host|3a 20|eternity"

  • Value: "Expect|3a 20|100-continue|0a|"

Within:

PCRE:

Special Options:

  • fast_pattern
