reference HTTP User-Agent string

edit on GitHub
search on VirusTotal

# generated using capa explorer for IDA Pro
rule:
  meta:
    name: reference HTTP User-Agent string
    namespace: communication/http
    authors:
      - "@mr-tz"
    scopes:
      static: function
      dynamic: span of calls
    mbc:
      - Communication::HTTP Communication [C0002]
    references:
      - https://www.useragents.me/
      - https://www.whatismybrowser.com/guides/the-latest-user-agent/
    examples:
      - 0796F1C1EA0A142FC1EB7109A44C86CB:0x4043F0
  features:
    - or:
      - substring: "Mozilla/5.0"
      - substring: "like Gecko"
      - api: urlmon.ObtainUserAgentString
      - property/read: System.Net.HttpWebRequest::UserAgent

last edited: 2025-01-29 09:27:13