decompress HTTP response via IEncodingFilterFactory

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: decompress HTTP response via IEncodingFilterFactory
    namespace: communication/http/client
    authors:
      - matthew.williams@mandiant.com
    scopes:
      static: function
      dynamic: thread
    mbc:
      - Communication::HTTP Communication::Get Response [C0002.017]
    examples:
      - FBBAAF569B63F6398503E4F1979CABEF:0x4067F0
  features:
    - and:
      - match: get HTTP response content encoding
      - match: decompress data via IEncodingFilterFactory

last edited: 2023-11-24 10:34:28