rule:
meta:
name: send data
namespace: communication
authors:
- william.ballenthin@mandiant.com
- joakim@intezer.com
description: all known techniques for sending data to a potential C2 server
scopes:
static: function
dynamic: thread
mbc:
- Command and Control::C2 Communication::Send Data [B0030.001]
examples:
- BFB9B5391A13D0AFD787E87AB90F14F5:0x13145D60
features:
- or:
- and:
- os: windows
- or:
- match: send HTTP request
- match: send data on socket
- match: send file via HTTP
- match: send data to Internet
- and:
- os: linux
- or: # Require network bound socket.
- match: create TCP socket
- match: create UDP socket
- or:
- match: send HTTP request
- match: send data on socket
- match: send file via HTTP
last edited: 2023-11-24 10:35:00