""ET TROJAN DarkGate AutoIt Downloader""
SID: 2048098
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2023_09_15, updated_at 2023_09_18, reviewed_at 2023_09_18
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|26 20|copy|20|c|3a 5c|windows|5c|system32|5c|curl|2e|exe"
-
Value: "|22|User|2d|Agent|3a 20|curl|22|"
-
Value: "|26 20|Autoit3|2e|exe"
-
Value: "|2e|au3"
Within:
PCRE:
Special Options:
-
file_data
-
fast_pattern