Seems Zeus variants with HTTP based C2 adapted mutex generation similar to that of Zeus variants with P2P C2. With the HTTP versions we observed many mutex creations, so we'll just trigger based on the count of the total unique mutexes that match the pattern. Also removed a bunch of white space. Bumped version as this requires all=True
Seems Zeus variants with HTTP based C2 adapted mutex generation similar to that of Zeus variants with P2P C2. With the HTTP versions we observed many mutex creations, so we'll just trigger based on the count of the total unique mutexes that match the pattern. Also removed a bunch of white space. Bumped version as this requires all=True