EXEs downloaded by STYX loader

Noticed some easy sigs for EXEs being downloaded by STYX loader.

RogueAV, ZA, and Zbot…

HTTP Method = GET
User-Agent = Mozilla/4.0
Content-type = application/octet-stream

Also Infostealer.gift

HTTP Method = POST
User-Agent = Mozilla/4.0
Content-type = application/x-www-form-urlencoded

Comments are closed.