rule:
meta:
name: send HTTP request
namespace: communication/http/client
authors:
- moritz.raabe@mandiant.com
- michael.hunhoff@mandiant.com
scopes:
static: function
dynamic: thread
mbc:
- Communication::HTTP Communication::Send Request [C0002.003]
examples:
- BFB9B5391A13D0AFD787E87AB90F14F5:0x13145D60
- 6A352C3E55E8AE5ED39DC1BE7FB964B1:0x100026E0
features:
- or:
- api: System.Net.WebRequest::GetResponse
- api: System.Net.WebRequest::GetResponseAsync
- and:
- or:
- api: wininet.HttpOpenRequest
- api: wininet.InternetConnect
- or:
- api: wininet.HttpSendRequest
- api: wininet.HttpSendRequestEx
- and:
- api: winhttp.WinHttpSendRequest
- api: winhttp.WinHttpWriteData
- optional:
- or:
- api: winhttp.WinHttpOpenRequest
- api: winhttp.WinHttpConnect
- and:
- match: send data on socket
- string: /HTTP/i
last edited: 2023-11-24 10:35:00