Signature Mints Loader

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Mints.Loader GET Request"; flow:established,to_server; content:"GET"; http_method; content:".php?s=mints"; http_uri; fast_pattern; content:"WindowsPowerShell/"; http_user_agent; classtype:trojan-activity; reference:md5,f9b55f8eb7f2b9bc6a3fbd7e6f1db477; sid:156001; reference:url,github.com/cert-orangecyberdefense/mintsloader; rev:1;)

Kind Regards,
Kevin Ross

hey @kevross33 thanks for the tip! We’ll get this in today’s release :partying_face: