"ET TROJAN SIDESHOW CnC Authentication Over HTTP"
SID: 2044600
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2023_03_14, deployment Perimeter, deployment SSLDecrypt, updated_at 2023_03_14
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "1" Depth: 1
- Value: "=pAJ9dk4OVq85jxKWoNfw1AG2C&"
- Value: "="
Within:
PCRE: "/[0-9a-f]{16}$/Ui"
Special Options:
- http_uri
- http_uri
- fast_pattern
- http_uri