Merge PR #5164 from @Neo23x0 - Update Exploit Framework User Agent

update: Exploit Framework User Agent - Add default Havoc C2 UA
2025-01-19 21:42:40 +01:00
parent b162730502
commit 961753afb0
1 changed files with 4 additions and 1 deletions
@@ -6,7 +6,7 @@ references:
    - https://blog.didierstevens.com/2015/03/16/quickpost-metasploit-user-agent-strings/
 author: Florian Roth (Nextron Systems)
 date: 2017-07-08
-modified: 2021-11-27
+modified: 2025-01-18
 tags:
    - attack.command-and-control
    - attack.t1071.001
@@ -48,6 +48,9 @@ detection:
        # Exploits
            - '*wordpress hash grabber*'
            - '*exploit*'
+
+        # Havoc
+            - 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36'  # https://github.com/HavocFramework/Havoc/issues/519
    condition: selection
 fields:
    - ClientIP