ET MALWARE TransferLoader Custom HTTP Header and Values Observed (X-Custom-Header)
Sourceet/open
CreatedJune 23, 2025
UpdatedJune 23, 2025
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE TransferLoader Custom HTTP Header and Values Observed (X-Custom-Header)"; flow:established,to_server; http.header; content:"X-Custom-Header|3a 20|"; fast_pattern; pcre:"/^(?:unknown|xxx)/R"; reference:url,www.zscaler.com/blogs/security-research/technical-analysis-transferloader; classtype:trojan-activity; sid:2063155; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_and_Server, tls_state TLSDecrypt, created_at 2025_06_23, deployment Perimeter, malware_family TransferLoader, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_06_23, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel; target:src_ip;)
Metadata
affected productWindows_11
attack targetClient_and_Server
tls stateTLSDecrypt
created at2025_06_23
deploymentPerimeter
malware familyTransferLoader
performance impactLow
confidenceHigh
signature severityMajor
updated at2025_06_23
mitre tactic idTA0010
mitre tactic nameExfiltration
mitre technique idT1041
mitre technique nameExfiltration_Over_C2_Channel
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!