Versions (3)
Version DetailsCurrent
Rev: 5 • Apr 16, 2012, 12:00 PMET INFO Potential Malicious PDF (EmbeddedFiles) improper case
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Potential Malicious PDF (EmbeddedFiles) improper case"; flow:from_server,established; content:"|0d 0a 0d 0a|%PDF"; content:"/EmbeddedFiles"; within:128; nocase; content:!"/EmbeddedFiles"; distance:-14; within:14; reference:url,blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/; classtype:misc-activity; sid:2014575; rev:5; metadata:attack_target Client_Endpoint, created_at 2012_04_16, deployment Perimeter, confidence High, signature_severity Minor, updated_at 2023_04_20;)
Apr 16, 2012, 12:00 PM
Apr 20, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-info.rules