Versions (2)
Version DetailsCurrent
Rev: 5 • Aug 4, 2011, 12:00 PMET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Executable Download Purporting to be JavaScript likely 2nd stage Infection"; flow:established,from_server; http.stat_code; content:"200"; http.content_type; content:"application/x-javascript"; nocase; startswith; file.data; content:"MZ"; within:2; byte_jump:4,58,relative,little; content:"PE|00 00|"; distance:-64; within:4; fast_pattern; classtype:trojan-activity; sid:2013352; rev:5; metadata:created_at 2011_08_04, signature_severity Major, updated_at 2020_07_27;)
Aug 4, 2011, 12:00 PM
Jul 27, 2020, 12:00 PM
Aug 4, 2011, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-malware.rules