""ET MALWARE Win32/VoipRaider Data Collection Attempt""
SID: 2044035
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2023_01_31, deployment Perimeter, performance_impact Low, confidence High, signature_severity Minor, updated_at 2023_01_31
Reference:
-
md5
-
1fe3f8dffd016b3fefce8d62fb60309a
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "GET"
-
Value: "/latestversion.aspx?requestversion="
-
Value: "&ip="
-
Value: "&mac="
-
Value: "&ir="
-
Value: "&MAJORV="
-
Value: "&MINORV="
-
Value: "&BUILDV="
-
Value: "&OS="
-
Value: "&BV="
-
Value: "&UT="
-
Value: "User-Agent|3a 20|WebRequestSession|0d 0a|"
Within:
PCRE: "/&mac=[A-F0-9]{12}/U"
Special Options:
-
http_method
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
http_uri
-
fast_pattern
-
http_header