Rule History

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET HUNTING http string in hex Possible Obfuscated Exploit Redirect"; flow:established,to_client; content:"=[|22 5c|x68|5c|x74|5c|x74|5c|x70|5c|x3A|5c|x2F|5c|x2F|5c|"; classtype:bad-unknown; sid:2012118; rev:4; metadata:created_at 2010_12_30, former_category INFO, confidence Medium, signature_severity Minor, updated_at 2024_11_29, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1027, mitre_technique_name Obfuscated_Files_or_Information;)