""ET TROJAN Mint Stealer CnC Checkin""

SID: 2053836

Revision: 1

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_and_Server, tls_state TLSDecrypt, created_at 2024_06_24, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag Mint_Stealer, updated_at 2024_06_24

Reference:

• md5

• e6e620e5cac01f73d0243dc9cf684193

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "GET"

• Value: "/api/win?userid|3d|" Depth: 16

Within:

PCRE: "/[a-f0-9]{24}$/U"

Special Options:

• http_method

• fast_pattern

• http_uri

source