send-http-request.yml
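# capa rule: flags code that sends an HTTP request through .NET WebRequest,
# WinINet, WinHTTP, or a raw socket send combined with an HTTP-looking string.
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below is reconstructed from the key order. Confirm it against the
# upstream rule file before relying on it.
rule:
  meta:
    name: send HTTP request
    namespace: communication/http/client
    authors:
      - moritz.raabe@mandiant.com
      - michael.hunhoff@mandiant.com
    # Static analysis evaluates the features per function; dynamic (sandbox
    # trace) analysis evaluates them per thread.
    scopes:
      static: function
      dynamic: thread
    # Malware Behavior Catalog mapping for the detected behaviour.
    mbc:
      - Communication::HTTP Communication::Send Request [C0002.003]
    # Reference samples, written as <sample hash>:<function address>.
    examples:
      - BFB9B5391A13D0AFD787E87AB90F14F5:0x13145D60
      - 6A352C3E55E8AE5ED39DC1BE7FB964B1:0x100026E0
  features:
    # Any one of the following branches is enough for the rule to match.
    - or:
      # .NET: a single GetResponse/GetResponseAsync call is what actually
      # issues the request.
      - api: System.Net.WebRequest::GetResponse
      - api: System.Net.WebRequest::GetResponseAsync
      # WinINet: a connect/open-request call AND a send call must both be
      # present in the same scope (same function for static analysis).
      - and:
        - or:
          - api: wininet.HttpOpenRequest
          - api: wininet.InternetConnect
        - or:
          - api: wininet.HttpSendRequest
          - api: wininet.HttpSendRequestEx
      # WinHTTP: both WinHttpSendRequest and WinHttpWriteData are required.
      - and:
        - api: winhttp.WinHttpSendRequest
        - api: winhttp.WinHttpWriteData
        # optional never affects whether the rule matches; when present these
        # calls are only reported as extra context in the result.
        - optional:
          - or:
            - api: winhttp.WinHttpOpenRequest
            - api: winhttp.WinHttpConnect
      # Raw sockets: depends on another rule ("send data on socket") matching
      # in the same scope, together with an HTTP-looking string.
      - and:
        - match: send data on socket
        # /HTTP/i is an unanchored, case-insensitive regex, so it also hits
        # strings such as "https://" or "HttpOnly". The socket-send match is
        # what keeps this branch specific; treat hits from this branch as
        # lower confidence than the API-based branches during triage.
        - string: /HTTP/i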