""ET TROJAN Win32/LeftHook Stealer - CnC Response (get_socket)""
SID: 2045006
Revision: 2
Class Type: trojan-activity
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_04_18, deployment Perimeter, confidence High, signature_severity Major, updated_at 2023_12_13
Reference:
-
md5
-
61bb691f0c875d3d82521a6fa878e402
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "Connection|3a 20|keep-alive|0d 0a|"
-
Value: "Content-Language|3a 20|ru|0d 0a|"
-
Value: "|7b 22|address|22 3a 22|" Depth: 12
-
Value: "|22 2c 22|collect|5f|data|22 3a|"
Within:
PCRE: "/^(?:false|true)\x7d$/R"
Special Options:
-
http_header
-
http_header
-
file_data
-
fast_pattern