IOC
https://attack.mitre.org/software/S0013/

WEB
Header:
SRC: POST /submit HTTP/1.1
SRC: Content-Type: multipart/form-data; boundary=---------------------------0000002900004823
SRC: User-Agent: Breakpad/1.0 (Windows)
SRC: Host: crash.steampowered.com
SRC: Content-Length: 610396
SRC: Cache-Control: no-cache

IDS TRIGGER
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"MALWARE-CNC Win.Trojan.Gh0st_PlugX user-profile in outbound ephemeral port"; flow:to_server,established; content:"|5C 00 55 00 73 00 65 00 72 00 73 00 5C 00|"; content:"|5C 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 5C 00|"; within:150; metadata:ruleset community; classtype:trojan-activity; sid:5017162; rev:1;)

DNS
crash.steampowered.com

IP
208.64.203.173

==================================================
Filename            : steamerrorreporter64.exe
MD5                 : 880256e472495f83ad9179b2e091de04
SHA1                : c75183780893c70fa8fc0341577fcc8378d7a407
CRC32               : 27b8c046
SHA-256             : 4538f96457de3cc9d75b7ae5b3311cb609b8dd6bbf0456d179c70095831e6d51
SHA-512             : 7cda84a156f198cad576bc376061bd120429dbf56e383843440b31d35a43327b9c8e1e307b8b996687bec8daae1e7e287607182569b53a3f60b38dafb617607b
SHA-384             : ca841b95c1eaa41a9a53e856c516c40e0e7e2424b913f356b05fde9a40c428694478f3b3c03a4fffbe5bfab18868498c
Modified Time       : 29/10/2020 01.56.08
Created Time        : 28/11/2020 11.23.43
Entry Modified Time : 10/11/2020 14.53.33
File Size           : 644.384
File Version        : 06.17.23.25
Product Version     : 03.00.00.01
Extension           : exe
File Attributes     : A
==================================================

==================================================
Filename            : steamerrorreporter.exe
MD5                 : 1fb7c381ef3b013355be118172f41706
SHA1                : dbcba1e30e7df4e5cdbca3409e89a12d941f37ce
CRC32               : 24c0a41f
SHA-256             : 94fb294b3c57627c56825e446f7863aa5cb31f12022b906cb7094c1120d6adeb
SHA-512             : 48201b771df5f01020ed71ee8ab3e7b53c7aed1566c984b7c59e5fa05cc7c1fcb7b4323457cd4a88ccc2f2c4ac4c9b77820d25e61c097a4490778f4b699ac4fa
SHA-384             : fa847d279d1f44658fdafba0d2395bfc368c91768bf20e3221e31f76d0fd62d059bd51a3dd43d0fa92e88cbf2b4ab550
Modified Time       : 29/10/2020 01.56.06
Created Time        : 28/11/2020 11.23.43
Entry Modified Time : 10/11/2020 14.53.33
File Size           : 574.752
File Version        : 06.17.23.25
Product Version     : 03.00.00.01
Extension           : exe
File Attributes     : A
==================================================