Versions (4)
Version DetailsCurrent
Rev: 4 • Nov 6, 2013, 12:00 PMET HUNTING SUSPICIOUS wimhost.exe in URI Probable Process Dump/Trojan Download
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING SUSPICIOUS wimhost.exe in URI Probable Process Dump/Trojan Download"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/wimhost.exe"; nocase; fast_pattern; endswith; reference:url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets; classtype:trojan-activity; sid:2017677; rev:4; metadata:created_at 2013_11_06, confidence Medium, signature_severity Major, updated_at 2020_09_22;)
Nov 6, 2013, 12:00 PM
Sep 22, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-hunting.rules